Y
Hacker News
new
|
ask
|
show
|
jobs
by
stingraycharles
2565 days ago
Which in itself is a problem: it means the MFA device is not required, if only they have access to my email + phone.
2 comments
burntsushi
2564 days ago
Sure, I know. Just pointing out that, at least for AWS, you do not need recovery codes or a second device for MFA. For me personally, phone+email is good enough for my threat model.
link
mschout
2564 days ago
Yes, AWS MFA is very poorly implemented.
link